Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/0hOV3oAulHYtiblLnsQxIRIEd4k.roa
File:                     0hOV3oAulHYtiblLnsQxIRIEd4k.roa (raw, json)
Hash identifier:          uxr5zaXM3W9r1uuw/a8qR/+/+OEftC7fX6Aq1tobm9A=
Subject key identifier:   D2:13:95:DE:80:2E:94:76:2D:89:B9:4B:9E:C4:31:21:12:04:77:89
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0186B84B7F606F78CD2BA8AC1D6D848C11BD
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/0hOV3oAulHYtiblLnsQxIRIEd4k.roa
Signing time:             Mon 06 Mar 2023 19:00:00 +0000
ROA not before:           Mon 06 Mar 2023 19:00:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56690
IP address blocks:        193.233.150.0/24 maxlen: 24
                          193.233.164.0/24 maxlen: 24
                          193.233.166.0/23 maxlen: 23
                          193.233.168.0/23 maxlen: 23
                          193.233.73.0/24 maxlen: 24
                          193.233.92.0/24 maxlen: 24
                          193.233.93.0/24 maxlen: 24
                          193.233.94.0/24 maxlen: 24
                          193.233.12.0/23 maxlen: 23
                          193.233.240.0/23 maxlen: 23
                          193.233.24.0/23 maxlen: 23
                          193.233.242.0/24 maxlen: 24
                          193.233.243.0/24 maxlen: 24
                          193.233.26.0/23 maxlen: 23
                          193.233.28.0/23 maxlen: 23
                          193.233.254.0/23 maxlen: 23
                          193.233.54.0/23 maxlen: 23
                          193.233.176.0/20 maxlen: 20
                          193.233.212.0/22 maxlen: 22
                          193.233.224.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 06 Mar 2023 19:15:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b8:4b:7f:60:6f:78:cd:2b:a8:ac:1d:6d:84:8c:11:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Mar  6 19:00:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d21395de802e94762d89b94b9ec4312112047789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b5:4a:9f:a0:28:df:96:05:aa:a8:b8:32:fe:
                    78:03:0e:6e:2d:b9:e2:cc:c0:72:4b:d1:0a:35:2c:
                    ed:e1:a1:ce:a2:9a:fa:df:fa:89:16:75:a9:d2:f6:
                    75:ad:c4:e2:68:15:bc:49:01:6b:47:1e:bf:bf:cd:
                    bf:e4:c3:e8:9e:a5:ac:65:19:32:01:58:66:66:03:
                    f4:33:03:3e:b0:b8:80:87:99:bf:7f:25:97:dc:42:
                    73:11:43:1b:a1:5b:6c:09:bf:b0:1d:94:9c:d2:56:
                    3d:94:0c:54:e1:82:c0:ba:b3:22:45:ab:38:24:46:
                    37:de:a5:fb:13:f3:c0:d7:fb:24:97:77:8c:b1:fa:
                    5c:ff:e2:08:43:7d:ab:9b:cb:33:36:59:2a:39:29:
                    3a:d3:51:dc:48:80:80:38:38:71:45:d6:62:6c:bd:
                    84:bd:00:d9:b4:ea:ba:86:55:03:ba:d3:ef:3a:5d:
                    f6:14:93:f4:54:bf:ce:6e:64:ca:ac:73:f2:f2:3b:
                    52:5f:76:bd:49:a3:59:59:6e:c9:5f:43:c5:59:d5:
                    6f:63:cc:bf:ae:3a:10:d1:a4:23:31:4e:4a:0d:b3:
                    93:ac:d2:b2:44:56:2d:38:14:d0:b1:f8:de:2d:7f:
                    cc:c9:94:0e:1b:54:53:ee:d6:48:1e:c7:19:7f:6a:
                    25:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:13:95:DE:80:2E:94:76:2D:89:B9:4B:9E:C4:31:21:12:04:77:89
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/0hOV3oAulHYtiblLnsQxIRIEd4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.12.0/23
                  193.233.24.0-193.233.29.255
                  193.233.54.0/23
                  193.233.73.0/24
                  193.233.92.0-193.233.94.255
                  193.233.150.0/24
                  193.233.164.0/24
                  193.233.166.0-193.233.169.255
                  193.233.176.0/20
                  193.233.212.0/22
                  193.233.224.0/22
                  193.233.240.0/22
                  193.233.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:67:00:a4:d3:26:dc:09:7e:22:22:b2:d2:07:6d:64:92:f9:
         44:71:e0:bb:26:52:25:0f:64:31:8f:9f:c9:af:60:7c:ae:02:
         29:ad:a2:f7:cf:22:8f:04:bd:0a:a7:b2:b9:b4:8a:2d:e8:90:
         fa:9b:57:ea:c4:80:e0:c6:57:c2:4a:d2:6a:36:06:cc:e9:20:
         71:ff:10:fe:ed:b1:05:5b:21:09:87:69:27:7b:d7:93:92:d5:
         a8:d6:b9:09:96:1b:38:29:18:7e:2a:a5:40:ad:04:d6:ee:62:
         20:30:62:60:55:e8:e6:a5:46:9f:69:1b:dc:90:b9:d2:8a:b7:
         e6:3c:a0:4d:46:16:46:0d:ca:ba:3d:1b:05:9d:2e:06:c6:36:
         63:5c:d1:53:16:5b:06:3e:e6:92:e1:31:6b:67:72:72:88:28:
         6c:ba:12:0e:63:8b:a1:05:d3:13:a9:d3:e6:5f:cd:53:b6:0b:
         34:9f:2e:af:05:93:c8:a2:83:19:6d:63:52:56:4a:38:b6:ce:
         84:09:54:9a:71:fd:81:d4:58:f9:23:f1:c3:8d:4d:87:bc:f9:
         d4:7a:16:a5:55:b3:ab:76:cc:90:9b:5f:5a:3a:cc:af:cd:f1:
         b0:39:0c:86:30:ec:d8:8d:43:dd:8c:0a:7f:c3:f7:2a:bd:dd:
         59:55:82:ff
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYa4S39gb3jNK6isHW2EjBG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjMwMzA2MTkwMDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjEzOTVkZTgwMmU5NDc2MmQ4OWI5NGI5ZWM0MzEyMTEyMDQ3Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbVKn6Ao35YFqqi4Mv54Aw5uLbni
zMByS9EKNSzt4aHOopr63/qJFnWp0vZ1rcTiaBW8SQFrRx6/v82/5MPonqWsZRky
AVhmZgP0MwM+sLiAh5m/fyWX3EJzEUMboVtsCb+wHZSc0lY9lAxU4YLAurMiRas4
JEY33qX7E/PA1/skl3eMsfpc/+IIQ32rm8szNlkqOSk601HcSICAODhxRdZibL2E
vQDZtOq6hlUDutPvOl32FJP0VL/ObmTKrHPy8jtSX3a9SaNZWW7JX0PFWdVvY8y/
rjoQ0aQjMU5KDbOTrNKyRFYtOBTQsfjeLX/MyZQOG1RT7tZIHscZf2olYwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFNITld6ALpR2LYm5S57EMSESBHeJMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMGhPVjNvQXVsSFl0aWJsTG5zUXhJUklFZDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQBwekMMAwD
BAPB6RgDBAHB6RwDBAHB6TYDBADB6UkwDAMEAsHpXAMEAMHpXgMEAMHplgMEAMHp
pDAMAwQBwemmAwQBwemoAwQEwemwAwQCwenUAwQCwengAwQCwenwAwQBwen+MA0G
CSqGSIb3DQEBCwUAA4IBAQBXZwCk0ybcCX4iIrLSB21kkvlEceC7JlIlD2Qxj5/J
r2B8rgIpraL3zyKPBL0Kp7K5tIot6JD6m1fqxIDgxlfCStJqNgbM6SBx/xD+7bEF
WyEJh2kne9eTktWo1rkJlhs4KRh+KqVArQTW7mIgMGJgVejmpUafaRvckLnSirfm
PKBNRhZGDcq6PRsFnS4GxjZjXNFTFlsGPuaS4TFrZ3JyiChsuhIOY4uhBdMTqdPm
X81Ttgs0ny6vBZPIooMZbWNSVko4ts6ECVSacf2B1Fj5I/HDjU2HvPnUehalVbOr
dsyQm19aOsyvzfGwOQyGMOzYjUPdjAp/w/cqvd1ZVYL/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:39 2024 by rpki-client on console-fra.rpki-client.org